Changing Syslog facility

Discussion:

Marcus Inskip

2014-09-19 15:14:44 UTC

Hi,

I’m trying to change the logging facility of audispd to local2 to send logs off to a remote server via Rsyslog without logging twice is this possible?

Many thanks in advance,

Marcus

Marcus Inskip

2014-09-19 15:25:56 UTC

Permalink

Apologies:

O/S: Redhat 6.5
Rsyslog: 5.8.10-8
AuditD: 2.2-2

Hi,
Im trying to change the logging facility of audispd to local2 to send logs off to a remote server via Rsyslog without logging twice is this possible?
Many thanks in advance,
Marcus
--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit

Steve Grubb

2014-09-19 15:39:12 UTC

Permalink

Post by Marcus Inskip
I’m trying to change the logging facility of audispd to local2 to send logs
off to a remote server via Rsyslog without logging twice is this possible?

The audisp-syslog plugin should do it. Just open
/etc/audisp/plugins.d/syslog.conf and add LOCAL2 to the args line. Then enable
the module and restart the audit daemon.

-Steve

Continue reading on narkive:

Search results for 'Changing Syslog facility' (Questions and Answers)

replies

What is the best router to use for sunrocket voip?

started 2006-05-17 19:50:00 UTC

computer networking

replies

What is AIX Box?

started 2006-05-08 15:58:44 UTC

hardware

replies

Is this a form of limiting free speech?